
Network Security Engineer Resume

Walnut Creek, CA

SUMMARY

  • 6+ years of experience in designing, deploying and troubleshooting network & security infrastructure for Enterprise Environments.
  • Experience on Palo Alto NG Firewall configurations including URL filtering, Threat prevention, Data filtering, IPsec Tunnels, SSL-VPN and Zone Protection.
  • Expert in configuring Security policies using App ID, Services, Security profiles and URL category.
  • Experience on configuring and troubleshooting HA, Zones, VLANs, Routing, and NAT on firewalls as per the design requirements.
  • Sound knowledge on Panorama, Wildfire, FireEye and its integration with Palo Alto Firewalls.
  • Experience with CISCO ASA Content Security and Control Security Services Module (CSC-SSM) and Advanced Inspection and Prevention Security Services Module (AIP-SSM).
  • Responsible for Palo Alto, Check Point and Cisco ASA firewall administration across global locations.
  • Experience on Access Control Server configuration using AD, RADIUS & TACACS+.
  • Experience in configuring and Troubleshooting BIG-IP LTM and GTM in F5 load balancers.
  • Extensive experience in dealing with vendors for MPLS/DSL installations.
  • Proficient in configuration & troubleshooting of routing protocols: BGP, OSPF, EIGRP, MP-BGP and their redistribution over the networks.
  • Hands on experience in deploying GRE tunnels, IPSEC Tunnels, SSL-VPN, Site-Site VPN and DMVPN.
  • Proficient in implementation of filters using Standard and Extended access-lists, Time-based access-lists, Route Maps.
  • Experience on implementing route manipulation using Offset-list, route metrics.
  • Implemented redundancy protocols like HSRP, VRRP, and GLBP.
  • Implemented VSS along with VDC and VPC on Nexus 5K, 7K switches.
  • Configuring and Troubleshooting DNS, DHCP issues over large scale networks.
  • Implementing Ether-channel modes dynamically with PAgP, LACP.
  • Expertise in Configuration and troubleshooting of STP, RSTP, PVST, RPVST, BPDU Guard and BPDU filtering on Switches.
  • Experience in configuring VLANs, Inter-VLAN routing, Trunk ports and Port security.
  • Expertise in implementing IP Address management and subnetting concepts on various Network architectural designs.
  • Knowledge on BOM and managed inventory for network hardware.
  • Hands on experience troubleshooting network traffic using tools like ping, traceroute, Wireshark, SolarWinds and TCP dump.
  • Expert in managing and monitoring the network devices using Syslog, SNMP, and NTP.
  • SME in OSI layer model/TCP/IP.
  • Well-organized in documenting tools like Microsoft VISIO, Microsoft Office.
  • Operating Systems: Linux, Windows Server 2008/2012, Windows 7/8, Microsoft Hyper-V.
  • Design, install, configure and isolate faults in Cisco Wireless LANs and assess WLAN encryption and security options.
  • Configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 7000.

TECHNICAL SKILLS

LAN Technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, LWAPs, IEEE 802.11, Token Ring, Workgroup, Domain, HSRP, DNS, Static, VLAN, STP, VTP, Ether Channel, Trunks.

WAN Technologies: HDLC, PPP, Channelized links (E1/T1/E2/T2), Leased Line, ISDN/Dial-Up, Frame Relay circuits, Metro Ethernet, ATM, SONET, MPLS, VPN, IPsec-VPN.

Routing Protocols: OSPF, EIGRP, BGP, RIP v1/v2, Route redistribution, Route filtering, Summarization, Static route, OSPF, BGPv4, MP-BGP.

Routers dealt with: Cisco 7606, 7609, 3845, 3660, 2921, 2691, 1812, Juniper MX series, SRX, QFX and T series routers

Switching Technologies: VLANs, Inter VLAN routing and Port Channels, VTP, Spanning Tree Protocols like PVST+, RSTP+, Multi-Layer Switching, Port security, VSS, and CEF.

Switches dealt with: Nexus 5548, 5596, 56128P, 6000, 7009, 7018; Cisco Catalyst: 6506, 6509, 4928, 4948, 4507, 4510, 3750G, 3750X, 3560, and 2960

Network Security Technologies: ASA 5550/5540 Firewalls, Juniper SRX Firewall, Palo Alto firewall PA 200, 3000, Check points, Access Control Lists, IPsec, IDS, and IPS

Firewalls: Cisco ASA 55XX series, Checkpoint R75, R76, Palo Alto 5000, 3000 series

Network Management: Wireshark, SNMP, Netflow, Solarwinds, Tufin, Splunk, SYSLOG, NTP, DHCP, TFTP.

Load Balancers: F5 Network (Big-IP) LTM 8900 and 6400

Redundancy Protocols: HSRP, GLBP, VRRP

NEXUS Features: VDC, VPC, VRF, FEX, Fabric Path, F & M Series line cards

VPN Technologies: GRE Tunneling, Remote Access VPN, Site-to-Site VPN, ASA 5505 Firewall, AIP SSM, CSC SSM, FWSM, ACL- Access Control List, IPS/IDS, NAT, PAT.

AAA Architecture: TACACS+, RADIUS, Cisco ACS

Operating Systems: Windows (98, ME, 2000, XP, Vista, Windows 7, 8.1), Linux, Hyper-V (ESX, KVM)

PROFESSIONAL EXPERIENCE

Confidential, Walnut Creek, CA

Network Security Engineer

Responsibilities:

  • Provides level 2/3 operational support for Process Control networks and Security technologies.
  • Hands on experience with Palo Alto NGF (5060, 3060) with security and management features such as URL filtering, data filtering, Threat prevention and Log Management.
  • Responsible for the GUI PANORAMA management for logging sessions, creating reports and managing different firewall devices.
  • Implementing APP-ID which defines custom applications and comprehensive set of predefined applications to be applied on firewall policies.
  • Worked on proactive threat analysis using AutoFocus which is built on Wildfire platform.
  • Configuring Zones, Virtual routers and interfaces on Palo Alto Firewall.
  • Working knowledge on proxy services, Site to Site VPN tunnels, and SSL certificates.
  • Configured Palo Alto to Wildfire cloud to mitigate Zero day attacks.
  • Responsible for configuring the Palo Alto to mitigate DOS, DDOS, Data leak attacks using Dos Protection, Threat Prevention and Data Filtering.
  • Implemented security policies by creating groups (objects) and specific policies as per the user levels.
  • Responsible for Palo Alto software and firmware upgrades.
  • Maintaining Palo Alto Firewall & analysis of firewall logs.
  • Configuring VPN (IPSEC, GRE) in VPN concentrators and QOS in integrated networks.
  • Responsible for migrating Cisco ASA firewall to Palo Alto firewall.
  • Worked on the security levels with RADIUS, TACACS+, and KERBEROS for client authentications in various locations.
  • Experience working with design and deployment of MPLS layer 3 VPN Cloud, involving VRF, Route Distinguisher, Route target, Label Distribution Protocol.
  • Expertise in configuring routing protocols and deployment of OSPF, EIGRP, BGP and policy based routing.
  • Managed the IP address space using subnets and variable length subnet masks (VLSM) and Monitored the operability and reliability of the network.
  • Key contributions include troubleshooting of complex LAN/WAN infrastructure that include routing protocols EIGRP, OSPF and BGP.
  • Captured packets by configuring span port and analyzed using WIRESHARK and TCPDUMP.
  • Analyze and visualize the machine data using SPLUNK in real-time.
  • Worked with application development teams to ensure that their applications are routed properly for interaction.
  • Hands on experience in troubleshooting VPC, Subnets, Routing tables, Internet gateways.
  • Experience working with VMware ESX and KVM environment.
  • Responsible for investigating and troubleshooting incidents related to Cyber Security.
  • Develops and shares best practices with the other support teams.
  • Perform network scanning and vulnerability assessments.
  • Participates in and/or leads risk assessments and compliance evaluations of new technologies.
  • Provide subject matter Expertise in the area of network switches, routers, firewall, and security technologies.
  • Handle Incident tickets related to the issues in the firewall and provide prompt support when any issue pops up.

Environment: Palo Alto NGF (5060, 3060), Net Flow, RADIUS, TACACS, EIGRP, OSPF, BGP, VPN, MPLS, Ether Channels, Cisco 7200/3845/3600/2800 routers, Sniffers, Cisco 6509/3750/3550/3500/2950 switches.

Confidential, Bloomfield, CT

Network and Security Engineer

Responsibilities:

  • Excellent Troubleshooting Skills and Customer Centric approach.
  • Expertise in Configuring, Monitoring and Troubleshooting Palo Alto (5040, 3020), Cisco and checkpoint firewalls.
  • Responsible for writing firewall rules based on applications, users and content.
  • Implementing USER-ID on Palo Alto firewall which identifies supported IP-to-USER mapping strategies.
  • Configured and installed the Firewall pair in High Availability mode as Active/standby and managed through the management port.
  • Monitored network logs and security events generated by the security appliances and determined the correct action or escalation path.
  • Worked Extensively on Cisco PIX and ASA Series firewalls.
  • Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA Firewalls.
  • Involved in Installing and Configuring a Cisco secure ACS server for AAA authentication.
  • Configured Client-to-Site VPN on Cisco ASA firewalls.
  • Responsible for Cisco ASA firewall administration, Rule Analysis and Rule Modification.
  • Configured Site-Site VPN and Remote Site VPN on Checkpoint Firewall.
  • Worked on Checkpoint Firewall Clusters of High Availability and load balancing.
  • Strong Knowledge in working with F5 Load Balancers and their Implementation in various Networks.
  • Involved in design and implementation of Data Center Migration.
  • Managed and troubleshot the Core, Distribution, and Edge Routers.
  • Worked on implementation strategies for the expansion of the MPLS VPN networks.
  • Configuration and deployment of routing protocols like OSPF, EIGRP & BGP over Cisco Routers in Production environment.
  • Experience with manipulating various BGP attributes such as Local Preference, MED, and Extended Communities.
  • Configured security policies including NAT/PAT, Route-maps, Prefix lists and Access Control Lists.
  • Provided BGP routing protocols for implementing multi-homing connection and carried out Route-redistribution between different routing protocols like OSPF, BGP, and EIGRP for increased efficiency.
  • Configured redundancy protocols like HSRP, VRRP and GLBP.
  • Switching tasks include VTP, ISL/802.1q, VLANs, Ether Channel, Port security, STP and RSTP.
  • Design, implementation and troubleshooting (disaster recovery) of the LAN IP infrastructure.
  • Analyzed packets using NMAP, Tufin and Wireshark.
  • Worked on Linux and Windows platforms and also involved in planning of Network Maintenance.
  • Implemented and configured SNMP, Syslog and traps on Cisco routers to allow for network management.
  • Worked in upgrading of the IOS Version of the Routers & Switches including Nexus 7k and C3750 using the TFTP Server.
  • Managing the service request tickets within the phases of troubleshooting, maintenance, upgrades, fixes, patches and providing all-round technical support.

Environment: Palo Alto 5040 and 3020, Cisco catalyst 6509, 7609, Cisco PIX (506E/515E/525/) & ASA 5500(5510/5520), Cisco 3750, F5 Load Balancers, OSPF, BGP, EIGRP, LAN, WAN, VPN, HSRP.

Confidential

Network Engineer

Responsibilities:

  • Established, managed, and optimized network uptime and provided end-user support for users.
  • Worked closely with the security team on the deployment and troubleshooting of Cisco ASA, checkpoint and Palo Alto firewalls to apply policies.
  • Establishing VPN Tunnels using IPsec encryption standards and also configuring site-to-site VPN, Remote VPN.
  • Applying crypto maps and security keys for the branches, ISAKMP (Internet security association key management protocol) for establishing Security associations (SA) cryptographic keys.
  • Provide Tier III Level Load Balancer expertise on F5 Big IP Local Traffic Managers (LTM).
  • Designing F5 solutions/support for migration work of applications and websites from Cisco CSS Load Balancers to the F5 BIG IP Load Balancers.
  • Worked on BGP configuration for providing redundant internet connectivity using BGP attributes, Route maps, prefix-lists.
  • Installing, configuring Cisco Catalyst switches 6500, 3750 & 3550 series and configured routing protocols like OSPF, EIGRP, BGP with Access Control lists implemented as per Network Design.
  • Responsible for configuring MPLS VPN cloud with CE and PE using protocols like eBGP and iBGP.
  • Configured EIGRP and OSPF as interior Gateway protocol route filtering and route redistribution.
  • Well experienced in configuring HSRP, VRRP, GLBP, PAP, and CHAP.
  • Involved in finding the issues for flapping BGP routes and OSPF routes.
  • Coordinating with Security team for NAT configuration and troubleshooting issues related to access lists and DNS/DHCP issues within the LAN network.
  • Creating and managing user accounts to all team members in partner environment.
  • Expertise in maintenance of layer2 switching tasks which advocate VLAN, VTP, STP, RSTP, PVST, RPVST, configuring of ether channel with LACP and PAGP along with troubleshooting of inter-VLAN routing.
  • Enabled STP Enhancements to speed up the network convergence that include Port-fast, Uplink-fast and Backbone-fast.
  • Packet capturing, troubleshooting on network problems with Wireshark, identifying and fixing problems.
  • Monitoring Network infrastructure using SNMP, Solar-winds and Opnet.
  • Communicating and escalating tickets with service providers for network outage issues.
  • Involved in complete LAN, WAN redesign (including IP address planning, designing, installation, pre configuration of network equipment, testing, and maintenance) of both Campus and Branch networks.
  • Hands on experience with troubleshooting and configuring terminal servers.
  • Hands on using crimp tools, punch down tools to punch cables to the 110 data/voice blocks.
  • Worked on Physical site; latency and slowness issues in transmitting results within internal network.

Environment: Cisco 2948/3560/4500/3560/3750/3550/3500/2960/6500 switches. Cisco 3640/12000/7200/3845/3600/2800 routers, Palo Alto 2k, 3k, checkpoint firewall, Cisco ASA, RIP, OSPF, BGP, EIGRP, MPLS, LAN, WAN, VPN, HSRP.

Confidential

Junior Network Engineer

Responsibilities:

  • Involved in configuration and management of different Layer 2 switching tasks which includes address learning, efficient switching etc.
  • Dealt with the escalation problems from Level1, Level 2 & Level 3 for routing, switching and WAN connectivity issues using ticketing system Remedy.
  • Responsible for day to day management of Cisco Devices, Traffic management and monitoring.
  • Set up and troubleshoot secured wireless access points for broadband Internet.
  • Configured & maintained LAN, WAN, VPN, and WLAN on Cisco Routers.
  • Configured network access servers and routers for AAA Security (TACACS+).
  • Managing and configuring of Wide Area Networking Protocols like HDLC, PPP.
  • Configuring Routing Protocols like EIGRP, BGP, and OSPF.
  • Implemented the concept of Route Redistribution between different routing protocols.
  • Involved in HSRP, VRRP, GLBP configuration and troubleshooting and Port channel management of the network.
  • Dealt with NAT configuration and its troubleshooting issues related to access lists and DNS/DHCP issues within the LAN network.
  • Switching related tasks included implementing VLANS, Ether channel and configuring ISL trunk on Fast-Ethernet channel between switches.
  • Configuration included VTP, STP port features, enterprise security using Cisco Port Security.
  • Designed and implemented an IP addressing scheme with subnets for different departments.
  • Involved with the Systems team to Install, configure, & maintain AD, DNS, DHCP on Windows Server, and also configured a FTP server.
  • Troubleshooting of TCP/IP problems and connectivity issues in multi-protocol Ethernet environment.
  • Analyze Log messages using Syslog server and analyze the issues related to high CPU utilization and parameters that can degrade performance of the network.
  • Used various Network sniffers like Wireshark, TCP dump etc.
  • Operating Systems: Microsoft XP/Vista/7, Windows Servers, MS-Office and MS VISIO.
  • Hands-on experience on Up-gradation of Cisco IOS on different Cisco devices and modules.
  • Support 24x7 operations and answer calls from the customers on network emergencies.
  • Responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades and patches with all around technical support.

Environment: Cisco Routers 2900, 2600, 3600; Cisco Switches 1900, 2900, 3500, 3700 and 4500s Series; LAN/WAN, NAT, DHCP, TCP/IP.
